All Products
Search
Document Center

Cloud Firewall:Benefits

Last Updated:Jan 02, 2024

Cloud Firewall is a cloud security solution that provides firewalls as a service. Cloud Firewall manages both north-south and east-west traffic to ensure the security of your network. Cloud Firewall is easy-to-use and works out-of-the-box. Cloud Firewall supports precise access control and network-wide traffic visualization.

Fully managed service

Cloud Firewall is a software as a service (SaaS) solution that adopts software-defined networking (SDN) technology. Cloud Firewall is a fully managed service that spares you from complex device deployment and system configurations, such as firewall image installation and routing configurations. In addition, you do not need to pay attention to disaster recovery, scale-out, or access issues.

Ease of use

After you purchase Cloud Firewall and complete the required configurations in the Cloud Firewall console, you can immediately use Cloud Firewall to protect your network. Cloud Firewall effectively reduces the costs of network security control and O&M.

Smooth scaling

Cloud Firewall is deployed in cluster mode and supports smooth scaling. Cloud Firewall provides a defense capability of up to 2 Gbit/s for each IP address. You can specify the defense capability based on your business requirements.

Stability and reliability

By default, Cloud Firewall adopts the high availability architecture and supports dual-zone deployment. If a server or a zone fails, Cloud Firewall is not affected.

On-cloud in-depth integration

Cloud Firewall provides complete north-south and east-west access control for your assets. You can fully control access to your Elastic Compute Service (ECS) instances and isolate ECS instances for security.

Cloud Firewall integrates access by Alibaba Cloud network services, such as Virtual Private Cloud (VPC), Cloud Enterprise Network (CEN), Elastic IP Address (EIP), and Server Load Balancer (SLB). Cloud Firewall controls access to common cloud assets at the network layer and exploits security capabilities of terminals to monitor and block suspicious access to cloud assets.

Real-time intrusion prevention

A built-in intrusion prevention system (IPS) allows Cloud Firewall to update network-wide threat intelligence in real time and monitors more than five million active malicious IP addresses and domain names. This way, Cloud Firewall can detect and block threats from the Internet. In addition, Cloud Firewall provides a cyber kill chain to defend against critical cyberattacks.

Visualized business relationships

Cloud Firewall displays the assets and the access relationships of the assets in topologies. After you activate Cloud Firewall, you can view your business groups, application groups, assets, and access relationships between assets in topologies, and perform clustering analysis of user traffic without configurations. Cloud Firewall supports visualized analysis of traffic to ensure policy accuracy.

MLPS 2.0 compliance

Cloud Firewall meets the requirements such as boundary protection and access control of "GB/T 22239-2019 Information security technology - Baseline for classified protection of cybersecurity", which is referred to as MLPS 2.0.